package snapex.core.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import lombok.extern.slf4j.Slf4j;

@Slf4j
@Configuration
public class ResourceServerConfiguration {

	@Configuration
	@EnableWebSecurity
	@EnableGlobalMethodSecurity(prePostEnabled = true)
	static class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
				
		@Autowired
		AuthenticationManagerBuilderDelegate builder;
		
		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception {			
			builder.build(auth);
		}

		@Override
		public void configure(HttpSecurity http) throws Exception {
			
			http.csrf().ignoringAntMatchers("/expense/uploadall","/expense/sync","/expense/all","/expense/local","/expense/remote","/expense/importall");
			
			http.authorizeRequests()
					.antMatchers("/resources/**").permitAll()
					.anyRequest().authenticated()
				.and()
				.formLogin()
					.loginPage("/login").permitAll()
					.failureForwardUrl("/login/error")
				.and()
					.logout()
					.logoutUrl("/logout").permitAll();
		}
	}
}
